A huge bug in Twitter’s ad service network could have allowed anyone to tweet from any other user’s handle with ease. It went undetected until a security researcher found the flaw in Twitter’s Ad Studio.
The hacker ‘kedrisch’ claimed to have uncovered the issue while exploring Twitter’s code for bugs. He said the flaw could give cybercriminals the ability to “publish entries in Twitter-network by any user of this service.”
Twitter investigated the report and quickly closed the hole. “By sharing media with a victim user and then modifying the post request with the victim’s account ID the media in question would be posted from the victim’s account,” Twitter wrote in its summary of the bug.
The company fixed the vulnerability three days later and awarded the researcher a bounty of $7,560.
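The bug in Twitter’s summary comes down to a server accepting the posting account from the request instead of from the authenticated session. The sketch below is an added example, not Twitter’s code, showing a handler with that gap beside one that closes it. The handler names, the `account_id` and `media_id` fields and the in-memory store are assumptions, as is the guess that the server only checked whether the target account had access to the media.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller may not act as the requested account."""

@dataclass
class Media:
    media_id: str
    owner_id: str
    shared_with: set = field(default_factory=set)  # accounts granted access

# Constructed sample data: "attacker" owns m1 and has shared it with "victim".
MEDIA = {"m1": Media("m1", owner_id="attacker", shared_with={"victim"})}

def _has_access(account_id, media):
    return account_id == media.owner_id or account_id in media.shared_with

def publish_vulnerable(session_user, body):
    """Flawed (hypothetical): the posting account is read from the request body."""
    media = MEDIA[body["media_id"]]
    target = body["account_id"]          # client-controlled value
    # Only the target's access to the media is checked, and sharing grants it.
    # Nothing ties `target` to `session_user`.
    if not _has_access(target, media):
        raise Forbidden("target account has no access to media")
    return {"posted_as": target, "media_id": media.media_id}

def publish_hardened(session_user, body):
    """Hardened (hypothetical): the posting account comes from the session."""
    media = MEDIA[body["media_id"]]
    # Reject any request that names an account other than the caller's own.
    # Delegated posting would need an explicit server-side grant, not a field.
    if body.get("account_id", session_user) != session_user:
        raise Forbidden("account_id does not match authenticated session")
    if not _has_access(session_user, media):
        raise Forbidden("caller has no access to media")
    return {"posted_as": session_user, "media_id": media.media_id}

def is_rejected(handler, session_user, body):
    """Return True when the handler refuses the request."""
    try:
        handler(session_user, body)
    except Forbidden:
        return True
    return False

if __name__ == "__main__":
    tampered = {"media_id": "m1", "account_id": "victim"}  # constructed request
    print("vulnerable:", publish_vulnerable("attacker", tampered))
    print("hardened rejects:", is_rejected(publish_hardened, "attacker", tampered))
```

Logging every rejected request where the body’s account ID differs from the session’s gives responders a direct signal that someone is tampering with the field.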